GLM-V-PDF-to-WEB
Security checks across malware telemetry and agentic risk
Overview
The skill is mostly aligned with converting PDFs into websites, but its helper scripts can leave full PDF page images in temp storage and allow crop outputs to escape the intended folder.
Before installing, consider patching crop.py to enforce output paths, directing page renders into the project output folder, and cleaning temp files after use. Avoid running it on confidential PDFs unless you are comfortable with full-page images being processed and stored locally.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental crop name could create or overwrite a PNG outside the intended web/crops folder within the agent's filesystem permissions.
The optional --name value is used directly in the output filename. If it contains path separators, ../ segments, or an absolute path, the crop output can escape the intended out_dir.
stem = name or _safe_stem(img_path)
filename = f"{stem}_crop.png"
out_path = os.path.join(out_dir, filename)
Sanitize --name the same way as the default stem, reject path separators and absolute paths, and verify the final absolute output path stays inside the requested out_dir.
Private PDFs may leave full-page image copies in a temp folder that users may not notice or clean up.
When --out-dir is omitted, rendered full-page images of the PDF are written to the system temp directory. SKILL.md's Phase 1 command omits --out-dir despite saying all output goes under the workspace web directory.
out_dir = args.out_dir or os.path.join(tempfile.gettempdir(), f"{pdf_stem}_pages")
Pass an explicit page-image directory under the documented output folder, add cleanup instructions, or clearly disclose temp-file retention.
Different package versions may be installed over time, and users must trust the package source selected by pip.
The skill depends on packages installed from the Python package ecosystem without version pins or a registry install spec.
pip install pymupdf pillow
Pin dependency versions and declare them in the install specification, or provide a lockfile or provenance guidance.
Sensitive figures or page images from the PDF may be processed by a subagent during cropping.
The workflow intentionally sends source page images or crop targets to subagents for visual localization. This is disclosed and bounded, but relevant for confidential documents.
You MUST delegate ALL cropping to a clean subagent using the Agent tool ... a fresh subagent with only the target image
Use the skill only on PDFs suitable for agent processing, and keep the subagent context limited to the target image and crop instructions.
